Pentagon Extends, Expands Defense Industrial Base Cyber-Pilot

The Pentagon considers the pilot program, in which it shares classified threat intelligence with the private sector, a success and will extend it to November.

The Department of Defense is planning to extend the cyber-defense pilot program in which it shares classified threat intelligence with defense contractors and other companies.

The Defense Industrial Base Cyber-Pilot provides member organizations with classified information about viruses, malware and other cyber-threats to help them defend against sophisticated attacks and network intrusions. The pilot will be extended through mid-November, the Associated Press reported Sept. 26.

So far, the trial program involves at least 20 defense firms. There are discussions as to how it can be expanded to include more companies and subcontractors. The Department of Homeland Security (DHS) is also evaluating the program to provide similar information to defend power plants, electrical grids and other critical infrastructure from cyber-attack.

"The results this far are very promising," Deputy Defense Secretary William Lynn told AP. "I do think it offers the potential opportunity to add a layer of protection to the most critical sectors of our infrastructure."

The Obama administration is interested in this kind of public-private partnership to protect United States defense companies from sophisticated cyber-attacks targeting sensitive information. A senior DHS official told AP that implementing this kind of program would be easier if Congress passed legislation explicitly giving DHS the lead role in helping private-sector companies secure critical infrastructure.

DHS needs more authority over critical infrastructure and must be able to "mandate" risk-based performance, according to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Currently, the Defense Department does not have the legal authority to defend civilian systems, and Homeland Security, which oversees private-sector cyber-security, does not have the power to regulate those systems.

Rep. Dan Lungren, R-Calif., chairman of the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, has proposed creating a United States Computer Emergency Response Team (US-CERT) within DHS that is responsible for protecting federal and critical infrastructure systems, and a nonprofit organization called the National Information Security Organization that would be managed by the DHS secretary.

The nonprofit organization would have a board of directors comprising a representative from DHS, three representatives from different federal agencies that deal with cyber-security, and five representatives from the private sector that operate networks or facilities that have been deemed critical infrastructure, such as energy, water and communications networks.